Name: ntpsec Version: 1.2.2a Release: 1%{?dist} Summary: NTP daemon and utilities # Primary license: MIT (NTP variant) # attic/ntpdate: BSD # include/{ascii,binio,ieee754io}.h: BSD # include/{ntp_assert,isc_*.h}: ISC # include/mbg_gps166.h: BSD # include/ntp_{debug,endian,filegen}.h: BSD # include/nts*.h: BSD # include/parse*.h: BSD # include/trimble.h: BSD # libaes_siv: ASL 2.0 # libntp/emalloc.c: ISC # libntp/ntp_{c,endian,random}.c: BSD # libntp/pymodule*: BSD # libntp/python_compatibility.h: BSD # libntp/strl_obsd.c: ISC # libparse: BSD # ntpclients: BSD # ntpd/ntp_config.c: BSD # ntpd/ntp_dns.c: BSD # ntpd/ntp_filegen.c: BSD # ntpd/ntp_parser.y: BSD # ntpd/ntp_sandbox.c: BSD # ntpd/ntp_scanner.*: BSD # ntpd/nts*.c: BSD # ntpd/refclock_generic.c: BSD # ntpd/refclock_jjy.c: BSD # ntpd/refclock_oncore.c: Beerware (public domain) # ntpd/refclock_trimble.c: BSD with advertising # ntpfrob: BSD # pylib: BSD License: MIT and BSD and BSD with advertising and ISC and ASL 2.0 URL: https://www.ntpsec.org/ Source0: https://ftp.ntpsec.org/pub/releases/ntpsec-%{version}.tar.gz Source1: https://ftp.ntpsec.org/pub/releases/ntpsec-%{version}.tar.gz.asc Source2: https://ftp.ntpsec.org/pub/releases/ntpsec.gpg.pub.asc Source3: ntp.conf # Detect weak keys generated by ntpkeygen (CVE-2021-22212) Patch1: ntpsec-weakkeys.patch BuildRequires: bison BuildRequires: gcc BuildRequires: gnupg2 BuildRequires: libbsd-devel BuildRequires: libcap-devel BuildRequires: m4 BuildRequires: openssl-devel BuildRequires: pps-tools-devel BuildRequires: python3-devel BuildRequires: rubygem-asciidoctor BuildRequires: systemd BuildRequires: waf Requires(pre): shadow-utils %{?systemd_requires} Conflicts: ntp ntp-perl ntpdate Obsoletes: ntp < 4.2.10 ntp-perl < 4.2.10 ntp-doc < 4.2.10 ntpdate < 4.2.10 sntp < 4.2.10 # Set pool.ntp.org vendor zone for default configuration %if 0%{!?vendorzone:1} %global vendorzone %(source /etc/os-release && echo ${ID}.) %endif # Private library %global __provides_exclude ^libntpc\\.so.*$ %global __requires_exclude ^libntpc\\.so.*$ %description NTPsec is a more secure and improved implementation of the Network Time Protocol derived from the original NTP project. %prep %{gpgverify} --keyring=%{SOURCE2} --signature=%{SOURCE1} --data=%{SOURCE0} %autosetup -p1 # Fix egg info to use a shorter version which will work as an rpm provide sed -i 's|NTPSEC_VERSION_EXTENDED|NTPSEC_VERSION|' pylib/ntp-in.egg-info # Modify compiled-in statsdir sed -i 's|/var/NTP|%{_localstatedir}/log/ntpstats|' \ docs/includes/ntpd-body.adoc ntpd/ntp_util.c %build export CFLAGS="$RPM_OPT_FLAGS" export LDFLAGS="$RPM_LD_FLAGS" waf configure \ --enable-debug \ --enable-debug-gdb \ --disable-doc \ --refclock=all \ --prefix=%{_prefix} \ --exec-prefix=%{_exec_prefix} \ --bindir=%{_bindir} \ --sbindir=%{_sbindir} \ --sysconfdir=%{_sysconfdir} \ --datadir=%{_datadir} \ --includedir=%{_includedir} \ --libdir=%{_libdir} \ --libexecdir=%{_libexecdir} \ --localstatedir=%{_localstatedir} \ --sharedstatedir=%{_sharedstatedir} \ --mandir=%{_mandir} \ ; waf build %install waf --destdir=%{buildroot} install install -p -m755 attic/ntpdate %{buildroot}%{_sbindir}/ntpdate mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d install -p -m644 etc/logrotate-config.ntpd \ %{buildroot}%{_sysconfdir}/logrotate.d/ntpsec.conf rm -rf %{buildroot}%{_docdir} rm %{buildroot}%{_bindir}/runtests pushd %{buildroot} sed -e 's|VENDORZONE\.|%{vendorzone}|' \ -e 's|VARNTP|%{_localstatedir}/lib/ntp|' \ < %{SOURCE3} > .%{_sysconfdir}/ntp.conf touch -r %{SOURCE3} .%{_sysconfdir}/ntp.conf for f in .%{_bindir}/*; do head -c 30 "$f" | grep -q python || continue %py3_shebang_fix "$f" done # Move ntpq to sbin for better compatibility with ntp package mv .%{_bindir}/ntpq .%{_sbindir}/ntpq mkdir -p .%{_localstatedir}/{lib/ntp,log/ntpstats} touch .%{_localstatedir}/lib/ntp/ntp.drift mkdir -p .%{_prefix}/lib/systemd/ntp-units.d echo 'ntpd.service' > .%{_prefix}/lib/systemd/ntp-units.d/60-ntpd.list popd %check waf check %pre # UID/GID inherited from the ntp package /usr/sbin/groupadd -g 38 ntp 2> /dev/null || : /usr/sbin/useradd -u 38 -g 38 -s /sbin/nologin -M -r \ -d %{_localstatedir}/lib/ntp ntp 2>/dev/null || : %post %systemd_post ntpd.service ntp-wait.service systemctl daemon-reload 2> /dev/null || : %preun %systemd_preun ntpd.service ntp-wait.service %postun %systemd_postun_with_restart ntpd.service %global service_save_file /run/ntp-ntpsec.upgrade.services %triggerprein -- ntp < 4.2.10 [ $1 = 0 ] || exit 0 # Save enabled ntp services and configuration (before our post) for s in ntpd ntp-wait; do systemctl is-enabled -q "$s".service 2> /dev/null && echo "$s" 2> /dev/null >> %{service_save_file} done rm -rf %{_sysconfdir}/ntp.ntpsec cp -r --preserve=all %{_sysconfdir}/ntp %{_sysconfdir}/ntp.ntpsec 2> /dev/null : %triggerpostun -- ntp < 4.2.10 [ $2 = 0 ] || exit 0 # Restore the services and configuration from ntp (after its preun) for s in ntpd ntp-wait; do grep -q "^$s$" %{service_save_file} 2> /dev/null && systemctl enable -q "$s".service 2> /dev/null done rm -f %{service_save_file} mv -f -T --backup=numbered %{_sysconfdir}/ntp.ntpsec %{_sysconfdir}/ntp # Remove unsupported restrictions sed -i.bak -E '/^restrict/s/no(e?peer|trap)//g' %{_sysconfdir}/ntp.conf : %files %license LICENSES/* %doc NEWS.adoc README.adoc %config(noreplace) %{_sysconfdir}/ntp.conf %dir %{_sysconfdir}/logrotate.d %config(noreplace) %{_sysconfdir}/logrotate.d/ntpsec.conf %{_bindir}/ntp* %{_sbindir}/ntp* %{_libdir}/libntpc.so* %{_mandir}/man1/ntp*.1* %{_mandir}/man5/ntp*.5* %{_mandir}/man8/ntp*.8* %{_unitdir}/ntp*.service %{_unitdir}/ntp*.timer %{_prefix}/lib/systemd/ntp-units.d/*ntpd.list %dir %attr(-,ntp,ntp) %{_localstatedir}/lib/ntp %ghost %attr(644,ntp,ntp) %{_localstatedir}/lib/ntp/ntp.drift %dir %attr(-,ntp,ntp) %{_localstatedir}/log/ntpstats %{python3_sitearch}/ntp-*.egg-info %{python3_sitearch}/ntp %changelog * Thu Aug 03 2023 Miroslav Lichvar 1.2.2a-1 - update to 1.2.2a (CVE-2023-4012) * Thu Jul 20 2023 Fedora Release Engineering - 1.2.2-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild * Wed Jun 14 2023 Python Maint - 1.2.2-3 - Rebuilt for Python 3.12 * Thu Jan 19 2023 Fedora Release Engineering - 1.2.2-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild * Mon Jan 02 2023 Miroslav Lichvar 1.2.2-1 - update to 1.2.2 * Fri Jul 22 2022 Fedora Release Engineering - 1.2.1-9 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild * Mon Jun 13 2022 Python Maint - 1.2.1-8 - Rebuilt for Python 3.11 * Thu Jan 20 2022 Fedora Release Engineering - 1.2.1-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild * Wed Sep 15 2021 Miroslav Lichvar 1.2.1-6 - fix building with OpenSSL-3.0 * Tue Sep 14 2021 Sahana Prasad - 1.2.1-5 - Rebuilt with OpenSSL 3.0.0 * Thu Jul 22 2021 Fedora Release Engineering - 1.2.1-4 - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild * Thu Jun 17 2021 Miroslav Lichvar 1.2.1-3 - detect weak keys generated by ntpkeygen (#1955859) * Mon Jun 07 2021 Python Maint - 1.2.1-2 - Rebuilt for Python 3.10 * Mon Jun 07 2021 Miroslav Lichvar 1.2.1-1 - update to 1.2.1 (CVE-2021-22212) - enable refclock support (#1955859) - add libbsd-devel to build requirements * Fri Jun 04 2021 Python Maint - 1.2.0-8 - Rebuilt for Python 3.10 * Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek - 1.2.0-7 - Rebuilt for updated systemd-rpm-macros See https://pagure.io/fesco/issue/2583. * Mon Feb 01 2021 Miroslav Lichvar 1.2.0-6 - change ntpdate defaults to follow classic ntpdate (#1917884) * Tue Jan 26 2021 Fedora Release Engineering - 1.2.0-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild * Mon Jan 18 2021 Miroslav Lichvar 1.2.0-4 - include associd in ntpq readvar output (#1914901) - fix ntpq crash in raw mode (#1914901) * Wed Jan 06 2021 Miroslav Lichvar 1.2.0-3 - switch to flat default configuration - save enabled services and configuration when replacing ntp - move ntpdate and ntpq to /usr/sbin for better compatibility - extend ntp conflicts and obsoletes * Tue Dec 01 2020 Miroslav Lichvar 1.2.0-2 - address issues found in package review (#1896368) * Tue Nov 10 2020 Miroslav Lichvar 1.2.0-1 - package ntpsec